ICANN and IANA domains hijacked by Turkish crackers

26/06/2008 Written by Marcelo Almeida (Vympel) & Kevin Fernandez (Siegfr

icann-flagsThe ICANN and IANA web­sites were defaced ear­lier today by a Turk­ish group called “Net­Dev­ilz”. ICANN is respon­si­ble for the global coor­di­na­tion of the Internet’s sys­tem of unique iden­ti­fiers. These include domain names, as well as the addresses used in a vari­ety of Inter­net pro­to­cols. The Inter­net Assigned Num­bers Author­ity (IANA) is respon­si­ble for the global coor­di­na­tion of the DNS Root, IP address­ing, and other Inter­net pro­to­col resources.
Their domains were redi­rect­ing to a host­ing space at “atspace​.com” where the defac­ers left the fol­low­ing mes­sage:

“You think that you con­trol the domains but you don’t! Every­body knows wrong. We con­trol the domains includ­ing ICANN! Don’t you believe us?”


Hijacked domains include “icann​.com”, “icann​.net”, “iana​.com” and “iana​-servers​.com”.
We reached the defac­ers by email but they refused to tell us how they changed the DNS records, how­ever a cross-​site script­ing or cross-​site request forgery vul­ner­a­bil­ity might have been exploited.

Here is the mir­ror of the ICANN​.com deface­ment:

You can have a look at their other deface­ments here:

Share this content: